Stop Hackers by Securing Remote Desktop Protocol (RDP) for IT Support

Many IT departments and IT services vendors rely on Microsoft Remote Desktop Protocol (RDP) to access and work on their own or their clients’ remote computers and systems. Unfortunately, RDP is a common access pathway for hackers, who easily guess default logins and passwords or use brute-force attacks to gain control of RDP connections. Today, there is a thriving interest in RDP hacking, with cybercriminals buying and selling access to point-of-sale terminals and other systems that have RDP enabled on underground forums.

In fact, the 2013 Trustwave Global Security Report states: “Organizations that use third-party support typically use remote access applications like Terminal Services (termserv) or Remote Desktop Protocol (RDP), pcAnywhere, Virtual Network Client (VNC), LogMeIn or Remote Administrator to access their customers’ systems. If these utilities are left enabled, attackers can access them as though they are legitimate system administrators.”

Natively, RDP has no centralized management, auditing or reporting, and limited identity management integration. In addition, RDP is designed for remote access on a local area network (LAN), and establishing a connection to a computer on a remote network usually requires a VPN tunnel and firewall configurations that compromise security - such as opening the default listening port, TCP 3389.

In this webinar, Bryan Hood, Sr. Solutions Engineer at Bomgar, will demonstrate how organizations can eliminate these security gaps, by routing RDP through Bomgar’s secure remote support appliance. With this approach, tech support professionals can still access and fix all of the systems they need to, without opening a door to hackers.

Tom Bowers, vCISO for ePlus and their clients, will cover what he sees as the looming threats for 2016, including Threat Intelligence and Sharing, State Sponsored Code and Commercial Malware, Security of Big Data, Embedded Systems, and the Physical and Cyber Convergence.

Customer data is complicated. It lives everywhere and changes frequently. Creating a holistic view of the customer journey can be a challenge, even as the opportunities are obvious. Join Larry Drebes, Founder and CEO of Janrain for lessons learned from thousands of enterprises, challenges with different approaches to customer data management, and the benefits of managing customer identity in the cloud.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Operating from the belief that education is the most powerful weapon, one of our foremost security researchers will provide an analysis on a recently documented stealthy malware family named Stegoloader. Our upcoming webcast will unveil the sophistication of Stegoloader’s characteristics which make it hard to analyze and detect. This webcast will help you understand the nature of Stegoloader in order to counter it more efficiently and effectively.

Pierre-Marc Bureau, Senior Security Researcher from the Counter Threat Unit (CTU), will discuss how Stegoloader cloaks its main component as a harmless Portable Network Image (PNG) while it extracts and executes malicious code hidden within an image. Although CTU researchers have not observed Stegoloader being used in targeted attacks, it has significant information stealing capabilities. Malware authors are constantly looking for ways to adapt and improve detection mechanisms, which makes Stegoloader a prime candidate for cyber-criminals arsenals. Learn how digital steganography may be a new trend for threat actors globally.

In this webcast, you will:

- Gain insight on when and where Stegoloader was first encountered.
- Learn characteristics of Stegoloader and how it operates.
- Understand digital steganography trends and how to detect and remediate.

All workplaces share the same security threat: the well-meaning but careless employee who may be more focused on productivity than protecting the company’s sensitive or confidential information. Often, without thinking of the potential consequences, they leave confidential documents in plain view, share passwords, circumvent security procedures and transfer sensitive data to the public cloud without company approval – ultimately costing much more to your organization’s bottom line than the employee hoped to save in time. IT professionals agree that more security incidents are caused by negligence than malicious acts.

In this webinar, Dr Larry Ponemon of the Ponemon Institute and Michael Crouse, Director of Insider Threat Strategies, Raytheon | Websense, will discuss findings of the 2015 survey The Unintentional Insider Risk in the United States and German Organizations.

Topics for discussion include:
*How much unintentional security incidents are costing your organization
*Which employees are most likely to cause an unintentional insider breach
*What you can do about it

The biggest challenge in security is no longer technology. We need to rise from recognition as security experts and experts within security teams to leaders protecting information from a world of risk and vulnerabilities.

Michael Santarcangelo cracked the code on the pathway to becoming an exceptional security leader. On July 30, 2015 at 1:00PM Eastern Michael will share the Exceptional IT Leadership Framework, including the 5 foundational elements, 9 competencies, and 5 essential habits. The webcast will explore the benefits of a framework-based, competency-driven approach to developing your leadership and how to assess where you really are in your leadership journey.

Study after study confirms that chat is both a cost effective and customer friendly channel. However, many organizations haven’t yet implemented chat or are still relying on email and phone as primary support channels. Moving to chat can be a daunting task, and too many organizations add chat as a support channel without proper planning. Inevitably, the full benefits of chat are never realized and customers refuse to embrace the new channel. This session will share actions a support organization can take to ensure the success of a new chat channel: ten steps that can help you put the right people, processes and technology in place to successfully launch and gain value from chat support.

According to the 2014 HDI Desktop Support Practices & Salary Report, remote control tops the “must have” list of technologies to successfully provide desktop support to end users. Unfortunately, many service desks are using legacy remote access tools that often leave security gaps putting companies at higher risk of data breaches. This is not a new or unknown issue. Often, IT departments don’t realize the tools they’re using to provide tech support are also being compromised by hackers to plant malware and steal data. According to the 2013 Trustwave Global Security Report, legacy remote access tools such as RDP and VNC are cited year after year as the most common attack pathways used by hackers. So if remote control tools top the must-have list, what can service desks do to securely support their users without putting their organizations at risk?

This session will educate desktop support professionals on how hackers are targeting legacy systems and what they need to do to secure their environment.

The Department of Homeland Security has issued an advisory for the “Backoff Point-of-Sale Malware,” which has compromised nearly 600 U.S. businesses. According to Karl Sigler, threat intelligence manager with Trustwave, “The criminals gained initial access through remote access systems set up on many POS systems for support and troubleshooting purposes. They would run a brute-force attack on the remote access system's passwords.”

Most IT departments, outsourcers and vendors rely on remote access tools, such as Microsoft Remote Desktop and LogMeIn, to access and work on remote computers and systems. But these tools are too often readily accessible from any Internet location and rarely configured to require multi-factor authentication, making them easy and popular targets for hackers.

In this webinar, Boatner Blankenstein, Sr. Director of Solutions Engineering, and Bryan Hood, Sr. Solutions Engineer, at Bomgar, will walk through the Department of Homeland Security’s recommendations for securing remote access, and explain what support teams need to do to implement these guidelines. They’ll also share best practices for improving remote access security beyond the basic recommendations to further protect systems from malware and data breaches.

Fast incident resolution is at the center of so many ITSM metrics, and remote support is a key part of a multi-channel contact center’s ability to speed time to resolution. This webinar will outline unique types of metrics that you can capture using remote support technologies, how they are related, and how to analyze those metrics to improve services. You will also learn easy methods for cutting resolution times and boost customer satisfaction scores through remote support.

With more and more systems and devices needing technical support, you can’t always have or wait on end-user assistance to get you the access you need. Many remote support solutions don’t provide access to unattended systems in their core product. But with Bomgar Jump clients you can remotely access Windows, Linux and Mac computers wherever they are. In this webinar, learn different ways to access remote desktops, laptops, POS systems, kiosks and servers, even if no one is present to give you control.

Front-line stories from Boise State, Green Clinic Health Systems and The CLM Group

Yesterday’s service desk is fast disappearing. New technology and the eradication of geographic boundaries is changing customer expectations and service desk demands. Amid these new pressures, support organizations are taking important steps to create positive change to not only keep up with new demands, but also increase customer satisfaction.

Peter Jurhs of Boise State, Deedra Pearce from Green Clinic Health Systems and Ryan Pollard from the CLM Group will take turns sharing brief examples of how their service desks increased customer satisfaction and efficiency while also responding to increased demand. They will also participate in a panel Q&A about increasing the scope of support, handling the impact of systems changes, best practices for maintaining positive customer relationships, and more.

Today’s support centers spend a lot of money and resources on technology, including phones, service management, remote support, self-help, and knowledge base systems. Unfortunately, most organizations only leverage the most basic functions within these tools, rather than exploiting the wide variety of available features. Often this is due to user learning being left to “tribal knowledge” versus formalized training. In addition, support centers make processes more complicated by not integrating systems in order to provide a seamless path for both customers and support agents. When systems aren’t fully utilized or integrated, agents are forced to jump between multiple tools and processes, slowing down issue resolution and creating inconsistent and poor support experiences for customers.

In this webinar, Sara Lisch, Business Solutions Manager at Bomgar, will outline how organizations can fully utilize integrated web-based technologies to better resolve issues and provide a stellar customer experience. Sara will cover:

- Basic and advanced usage of remote support, chat, knowledge base and ticket management tools
- How to utilize built-in features to enable a consistent support experience and a more streamlined workflow
- Best practices for integrating systems and processes to provide a seamless experience for customers and agents

A recent Forrester Research survey found that when IT and business organizations are asked whether IT delivers high-quality, timely end user support that anticipates employee/customer needs, there is a huge disparity. IT professionals think they are doing a good job, whereas the business disagrees. For most IT organizations, the service desk is the most used single point of contact (SPOC) for business customers¹, making it the lens through which all of IT is viewed. If IT leaders want to improve customer service and the perception of IT, they need to stop obsessing over traditional service desk metrics, and start analyzing whether the quality of interactions is meeting the business’s expectations.

In this webinar, Forrester Senior Analyst Amy DeMartine, will outline the questions Infrastructure & Operations leaders should be asking to fully understand whether their service desk is meeting business needs. Amy is a member of Forrester's service management and automation team, which serves I&O and service support and delivery professionals in improving, optimizing, and automating the services they offer to business consumers and users. Amy will also share five key strategies for improving the customer experience and keeping the service desk relevant.

In addition, Nathan McNeill, Co-founder and Chief Strategy Officer at Bomgar, will provide an overview of some best practices and tools service desks can implement to support these strategies.

Many IT departments and IT services vendors rely on Microsoft Remote Desktop Protocol (RDP) to access and work on their own or their clients’ remote computers and systems. Unfortunately, RDP is a common access pathway for hackers, who easily guess default logins and passwords or use brute-force attacks to gain control of RDP connections. Today, there is a thriving interest in RDP hacking, with cybercriminals buying and selling access to point-of-sale terminals and other systems that have RDP enabled on underground forums.

In fact, the 2013 Trustwave Global Security Report states: “Organizations that use third-party support typically use remote access applications like Terminal Services (termserv) or Remote Desktop Protocol (RDP), pcAnywhere, Virtual Network Client (VNC), LogMeIn or Remote Administrator to access their customers’ systems. If these utilities are left enabled, attackers can access them as though they are legitimate system administrators.”

Natively, RDP has no centralized management, auditing or reporting, and limited identity management integration. In addition, RDP is designed for remote access on a local area network (LAN), and establishing a connection to a computer on a remote network usually requires a VPN tunnel and firewall configurations that compromise security - such as opening the default listening port, TCP 3389.

In this webinar, Bryan Hood, Sr. Solutions Engineer at Bomgar, will demonstrate how organizations can eliminate these security gaps, by routing RDP through Bomgar’s secure remote support appliance. With this approach, tech support professionals can still access and fix all of the systems they need to, without opening a door to hackers.

Three years ago, in response to upheaval in the technical service and support industry, HDI set out to investigate the current practices and opinions surrounding support for end-user mobile devices. At the time, BlackBerry was the device of choice across the board, and the term “BYOD” had only recently been coined. In the year that followed, the influx of mobile devices into the workplace threw support teams off balance: customers were requesting help with a wider selection of devices, and customer expectations, particu¬larly with regard to working on the go, were increasing rapidly. Now, 15% of tickets are related to mobile device support, and 52% of organizations have an optional BYOD program.

In this webinar, Roy Atkinson of HDI will discuss the state of mobile support and BYOD now, and discuss key findings from HDI’s recent research. Roy is HDI's senior writer/analyst, acting as in-house subject matter expert and chief writer for SupportWorld articles and white papers.

Roy will be joined by Boatner Blankenstein of Bomgar, Sr. Director of Solutions Engineering at Bomgar, who will demonstrate some service desk tools and best practices for supporting today’s influx of mobile devices.

Forrester Consulting recently completed a case study examining the total economic impact and potential ROI enterprises may realize by deploying the Bomgar remote support solution. To quantify the impact of using Bomgar’s technology, Forrester interviewed staff from Surgical Information Systems (SIS), a provider of perioperative information technology software. The Bomgar solution enables SIS to provide world-class service through more efficient support, increased security, and improved compliance, resulting in a more positive customer experience. During this webinar, Forrester will explain the costs and benefits SIS realized and how it resulted in a 419 percent return on their Bomgar investment with a payback period of 3.1 months. Bomgar will then share additional benefits tech support organizations can realize with a modern remote support solution, citing real-world customer examples.

With the continued rise of bring your own device (BYOD) initiatives, and mobile employees using varied devices such as tablets and smartphones, a new, highly complex set of support and security challenges has arisen for IT. In this webinar Ovum Research will outline the findings from a recent survey of 300 IT decision-makers across the UK, France and Germany, on the challenges they face in supporting employees who are becoming increasingly more mobile. Ovum and Bomgar will also share best practices for supporting remote and mobile end-users in a more efficient, secure way.

Processes ensure that service delivery is consistent, managed effectively, and that everyone is working towards the same goal. However, the potential flaw with processes is the requirement for human intervention, which is why Integration and Automation are key. In this webinar we'll review the key processes for IT teams and Service Desks, how those processes complement each other, and best practices for integrating and automating those processes.

Peter Jurhs, Boise State University; James Davies, University for the Creative Arts; Scott Braynard, Bomgar

Colleges and universities are often at the forefront of new tech support challenges, from BYOD, to supporting remote campuses and online students, to keeping up with the latest social media tools. Yet despite these modern complications, some higher education institutions are not just keeping up with the demands of supporting students and staff - they are improving the support experience. Hear from Peter Jurh of Boise State and James Davies from University for the Creative Arts on how, using Bomgar's remote support solution, they have handled the influx of new technologies and off campus students, while improving the end-user experience.

Service desks run their business and make critical decisions based on metrics. However, if the metrics used are unbalanced or biased, organizations may be making big decisions based on misleading information. Bomgar’s Manager of Business Solutions, Sara Lisch, will point out the pitfalls involved when support teams are evaluated and focus too closely on one or two commonly used service desk metrics, such as Average Handle Time, Customer Satisfaction, Quality, or Issue Resolution, rather than a balanced scorecard. She’ll also investigate the dangers of self-reported metrics and give insight into how service desks can collect unbiased and well-rounded feedback from support session analysis in order to obtain a true picture of performance on which to make business decisions.

When measured correctly, Customer Satisfaction (CSAT) data can open a window into your customer base. The cornerstone of every support organization should be an effective process for gathering, analyzing, and applying CSAT data. Bomgar’s Senior Director of Business Solutions, Robert Jew, will outline a methodology for creating a successful CSAT program, focusing on four major components: survey design, survey administration process and roles, performance reporting and evaluation, and analysis of drivers and causes.

With the popularity of remote working, using smartphones and tablets for work, and BYOD programs, traditional “desktop” support has become quite complex. Today’s IT organizations are challenged to provide end-to-end support—from software distribution and patching to asset management and incident support—for a wide variety of devices and platforms located around the world, both on and off their networks. In this session, you will learn best practices and new technologies for:

· Managing the full lifecycle of computing devices—including servers, PCs, mobile devices and more—from deployment to retirement.
· Improving service quality and time to resolution.
· Eliminating travel time and expense, shipping costs and labor to repair remote systems.
· Enhancing service desk satisfaction and reduce IT staff costs.

Join us as Senior IT Manager and HDI Contributor, Mike Hanson, walks us through results from the 2013 HDI Desktop Support Practices & Salary Report, focusing on desktop support staffing and the use of remote support. Then hear from Bomgar Senior Solutions Engineer, Adam White, to learn best practices for optimizing your service desk.

Dave Hylender unlocks this year's Verizon Business Data Breach Investigation Report, sharing key findings on the most common attack pathways, who's at risk and how the threat landscape is changing. Then Bomgar's Nathan McNeill outlines why remote access tools continue to be a popular pathway for hackers and provides practical guidance for securing your service desk’s remote tools.